products | company | support | downloads | isp services | contact us
|
mail us
|
mail this page products | company | support | downloads | isp services | contact us |
This page has just been updated after yet another heart-rending conversation with a customer who lost almost everything through easily preventable actions. We are now recommending a change of email client as a higher priority than before due to the ever increasing number of problems in spite of all the anti-this and anti-that technology out there.
In the same way that no amount of exercise can guarantee you will not have a health problem, similarly with email. However there are certain habits which will greatly increase your risk of bad health, so also with email.
The following items are mostly common sense but may help to reduce your exposure to SPAM, Viruses and other hateful things. We also provide a page to help configure SPAM and other controls in a number of email clients.
Prevention is better than cure. Give out your email address with the same care you give out your home phone number.
We recommend that you create an alias every time you join a mailing list or give out your email to anyone you do not know well. This way if the email address becomes the source of spam you can just delete the alias without having to send a message to all your real contacts to inform them your email address has changed.
If your mailbox has become hopelessly clogged with all kinds of nasty stuff the best policy may be to start again. Delete your current mailbox mailbox and get new one. But if you do not use the alias policy noted above when joining mailing lists or being cautious about giving out your email address then sooner or later it will all start happening again.
If you own or operate a web site NEVER publish any email address in full on the site i.e. never have me@mywonderfuldomain.com either in plain text or in any href from the link tag i.e. never have mailto:me@mywonderfuldomain.com - instead use some form of javascript mangling function (use view source to see ours) and publish the name in some cryptic format such as 'me at mywonderfuldomain dot com'. There are thousands of email harvesting programs that just love to crawl through your site and scoop up those email addresses. Again most people have standard aliases like info, webmaster and so on - spammers know that too. So guess what ... they are going to send to that address. Instead use a mangling function and provide lots of places that people can email you by clinking a link and then you can get rid of 'info' and 'webmaster' - since you control the return address you can call it anything you want 'product-info' or 'web-master'.
It is a sad fact of life that people who send out viruses, worms and other unpleasant things want to hurt the most number of people they can. If you are using the most popular email software your chances of being hit or affected are just plain higher - thats the way it is, its a numbers game. So your first line of defense is to not belong to the majority - you are simply a less interesting target. Change your email client program.
If you think you are especially vulnerable - or have a history of problems in spite of taking sensible precautions - change your email program. There are many excellent - mostly free - mail programs out there. We now have no reservation about suggesting that you look at Thunderbird having used it ourselves for almost three years. It will import your address books and all your current mail from most email programs. You will lose nothing in the transition. It has simple controls to disable the most dangerous aspects of reading mail. Well thought out and as it says in the promotional material 'reclaim your inbox'.
Yes, Yes and Yes again. BUT make sure you keep it updated (many vendors offer auto-updated services) and make sure it deals with MS Office and other macros. The 'vendors' link will get you started if you are not already a user. The best vendors have a try before you buy policy. Unfortunately even this policy is becoming less useful that it used to be because of the speed with which attacks take place, the recent spate of attacks against anti-virus software and multiple layers of email anti-virus, anti-spam and anti-whatever can mean nothing gets through.
Microsoft Internet Explorer will take you to its home page occasionally to tell you that your browser is out of date or is missing some vital security upgrade. We can all find this message annoying but this message also affects your email client. In general - always accept the update - as long as it looks genuine.
Since email is the biggest cause of virus attacks, offense and time wasting (SPAM), invest a bit of time to get to know your email program's capabilities. Your email program can be your best ally in stopping the rising tide of problems and since it can be tailored to your needs its the last and perhaps most effective line of defense.
The majority of people in our experience use a email viewing window configuration in which the currently selected email is always visible in what is called a 'Message pane' (Mozilla/Netscape/Thunderbird) or a 'Preview pane' (Outlook/Outlook Express). The bad news is that this action alone may have zapped you. Get rid of this pane - whatever its called. It is positively dangerous especially if you are running with Javascript enabled and its HTML mail (see below). OK so you will have to double click the message to read it - but at least you control the next time your inbox is infected not your email program!
Read the 'subject line' and the 'from' address BEFORE you open anything.
If the subject suggests its spam (e.g. Offer you can't refuse...) and it's 'from' address looks suspicious (e.g. slimytoad@slimytoad.com - especially one of the bigger anonymous free mail services) - just delete it. Why even bother to read it (Oh you just want to confirm its spam?!).
Remember you control your life and you can refuse offers 'you can't refuse'.
This one is tough. If you know someone, you tend to assume everything from them is OK. Remember most modern viruses use Address Books to send the virus to others. So the people you trust may have become unwitting carriers of a virus. Be a healthy cynic. If it is not in the spirit of 'normal' communication, be suspicious. Delete it. If that sounds hard-hearted then you have never received a panic-stricken email from a friend or colleague apologising profusely for having become infected and passing on the virus.
Regular text mail is benign and reading it will do you no harm ('attachments' might - see below) but not the mail item itself.
HTML mail looks nicer than regular text mail but is potentially much more dangerous (and regrettably becoming more popular) - just opening it can harm you (through the use of embedded Javascript). If you can disable Javascript in your mailer program - DO IT (see our email FAQs). If you can disable fetching embedded images in your mailer - DO IT.
Apart from the offence and shock some of the images can cause - the very act of displaying an image causes your system to request the image(s) from the remote site. The remote site knows you have read the mail, knows you exist, knows your IP address and knows you are potentially vulnerable.
If you can avoid using HTML mail - DO IT. Unfortunately today it is probably impractical.
Attachments are the most dangerous part of email. Most viruses are carried in attachments. The best rule is NEVER open an attachment. In practice this is not possible - we all get hundreds of essential attachments. So here is the SECOND BEST set of rules:
NEVER open a .exe file.
(Ed note: I don't even open these birthday card programs even when it is my birthday - not everyone likes me). The only exceptions to this are: if the file is referenced in the body of the email AND you know the person its from AND you are expecting the file. Even then its a risk.
Want to be real safe? Send a quick email and ask the sender to confirm they sent the attachment. Similarly show the same courtesy when you attach an .exe (or any other file), confirm it should be there in the body of the email.
Do someone a good turn - prevent a heart-attack!
MS Office Files (e.g. .doc, .xls etc)
Many viruses are using MS office macros to do the damage. Make sure your anti-virus software is up to date and checks for macro viruses. MS are very good about publishing security fixes. Keep your software up to date. Again if the attachment is NOT referenced in the body of the email be suspicious. Delete it or send an email requesting confirmation that it was meant to be attached BEFORE YOU OPEN IT.
PDF Files
PDFs tend to be pretty safe.
ZIP Files
Follow the normal rules for .exe attachments. Even then inspect the contents of the zip files BEFORE YOU EXTRACT THEM and follow the advice for each file type above. If there are any .exe files inside NEVER run them.
All Other file types
If they are not referenced in the body of the email OR you are not expecting them OR you don't know the person sending it. Delete it. PERIOD.
If you consider deleting mail too drastic or want to track the culprits (we'll do all we can to help you here) consider creating a special system wide mailbox to which you can forward all suspicious messages. This mailbox should be opened by a responsible person from time to time on a PC that has NO PRIVATE OR SECURE DATA and HAS MINIMAL LAN NETWORK CONNECTIONS and NO SYSTEM PASSWORDS and NO ADDRESS BOOK on it (use an old PC that you were going to junk). If it gets destroyed, clean it up and rebuilt it. A single PC rebuild is a lot quicker than a network wide restore and rebuild.
Agin to emphasize this point. If you are suspicious of a mail item or its attachment - Delete it.
Sound a bit drastic. If you delete it - it can't hurt you. If its infected - it can. You choose.
If its not practical to delete the mail item because it may be important, send an email requesting confirmation of the attachment BEFORE you touch the suspicious object.
Empty your trash folder at least once a day and better after every mail reading session. Apart from keeping your disc space for useful stuff not that junk you get - its also healthier.
Check the sidebar links for sources to help you verify mail headers and other exotica and our email FAQs pages for more information.
We will help you anyway we can to stamp out mail based problems. Mail us at mailabuse and forward the offending item and we will try and help stamp out the menace.
home
security links
mail security
vendors
email faqs
healthy email
email headers
SPF Anti-SPAM
Greylisting
If you are happy it's OK - but your browser is giving a less than optimal experience on our site. You could, at no charge, upgrade to a W3C STANDARDS COMPLIANT browser such as Mozilla
greylisting.org
SPF Web Site
SPF Test Site
sorbs.org
OPEN RELAY TEST
spamfaqs
spam.abuse.net
|
Copyright © 1994 - 2009 ZyTrax, Inc. All rights reserved. Legal and Privacy |
site by zytrax |
web-master at zytrax Page modified: April 18 2007. |
